Port Vulnerability Scanning: How FlowTraq Dynamically Adapts to Your Network
Perhaps one of the most common reconnaissance techniques to map out networks when planning
attacks is a port scan. A port scan is a connection sweep of addresses and/or ports intended to
discover which addresses have open service ports with potentially vulnerable services.
For instance, if a host has a MySQL port open, an attacker will consider it worth trying various
exploits that some MySQL versions are vulnerable to. The same goes for web servers, email servers,
databases, fileserver ports, etc.
This means attackers might port scan large address blocks and ranges from the outside to try to
get in. Firewalls generally block outside access to the inside, so more commonly attackers attempt
to get in through phishing or device-borne viruses, and start scanning once on the inside, using
the compromised system.
FlowTraq detects both horizontal and vertical scan behavior by analyzing the number of unique ports a
system connects to, and the total number of unique IPs a system connects to over a number of
different time frames.
An alert is generated by the FlowTraq Network Behavior Intelligence (NBI) system when the number of
attempts is unusually high, meaning deviant from "typical" behavior on the observed network. For
instance, if you have 10,000 systems, and they all typically show 6 unique ports +/-3 per hour, then a
scan that hits 160 in 10 minutes is considered high.
Equally important, FlowTraq will also learn the deviants. For instance, if you run an
OpenVAS/Nessus/CoreImpact vulnerability scanner on your network for discovery, then FlowTraq will
learn what this system is and when it performs the scans. This avoids receiving alerts each time the
desired scanning behavior occurs. Any other system showing this behavior will immediately trigger
an alert.
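
The fan-out counting described above can be sketched over flow records as follows. This is an added example, not FlowTraq's implementation: the record layout, the median/MAD cutoff, the single 10-minute window and all addresses are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

def sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    for i in range(1, 21):  # 20 ordinary workstations, 3 services each
        for n, port in enumerate((53, 443, 445)):
            flows.append((i * 10 + n, f"10.0.0.{i}", f"10.0.1.{n + 1}", port))
    # 160 ports on one host (vertical), one port on 100 hosts (horizontal)
    flows += [(p, "10.0.0.50", "10.0.1.9", p) for p in range(1, 161)]
    flows += [(h, "10.0.0.60", f"10.0.2.{h}", 3306) for h in range(1, 101)]
    # Sanctioned vulnerability scanner: 200 ports across 50 hosts
    flows += [(p, "10.0.0.99", f"10.0.3.{p % 50}", p) for p in range(1, 201)]
    return flows

def fanout(flows, window):
    """Distinct destination ports and IPs per (time window, source)."""
    ports, hosts = defaultdict(set), defaultdict(set)
    for ts, src, dst, dport in flows:
        key = (ts // window, src)
        ports[key].add(dport)
        hosts[key].add(dst)
    return ports, hosts

def threshold(counts, k=6.0, floor=1.0):
    """Cutoff = median + k * MAD; robust, so a scanner cannot raise its own bar."""
    med = median(counts)
    mad = median(abs(c - med) for c in counts)
    return med + k * max(mad, floor)  # floor keeps the cutoff sane when MAD is 0

def detect(flows, known_scanners=frozenset(), window=600):
    """Return (src, kind, count) for sources far above the population baseline."""
    ports, hosts = fanout(flows, window)
    port_cut = threshold([len(v) for v in ports.values()])
    host_cut = threshold([len(v) for v in hosts.values()])
    alerts = []
    for key in sorted(ports):
        src = key[1]
        if src in known_scanners:  # learned, expected scanning behavior
            continue
        n_ports, n_hosts = len(ports[key]), len(hosts[key])
        if n_ports > port_cut:
            alerts.append((src, "vertical", n_ports))
        if n_hosts > host_cut:
            alerts.append((src, "horizontal", n_hosts))
    return alerts

if __name__ == "__main__":
    print(detect(sample_flows(), known_scanners={"10.0.0.99"}))
```

Running `detect` again with other window sizes covers the "different time frames" mentioned above; slow scans that stay under a 10-minute cutoff can still stand out over an hour or a day.
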
Contact ProQSys
16 Cavendish Court
Lebanon, NH 03766
(603) 727-4477
sales@flowtraq.com